After some research and reviewing this other case posted on this site, I’m of the believe that version 1.5.4 and above of haproxy was modified to send a [FIN, ACK] for an http closure instead of the [RST, ACK] that earlier versions provided. In my testing I only ever see version 1.5.X send the [RST, ACK]. I’ve done this testing with both the 1.5.4 installed from RPM as well as that 1.5.18 that I’ve built from source and I get the same results.

Here is a trace of haproxy doing an httpchck to my service running on port 8181:

So I guess I’m looking for some advice if there is some sort of configuration I need in place to get haproxy to send the [FIN, ACK] instead of the [RST, ACK]. The [RST, ACK] closures are causing my programs socket errors saying the ‘connection was reset by peer’

After some research and reviewing this other case posted on this site, I’m of the believe that version 1.5.4 and above of haproxy was modified to send a [FIN, ACK] for an http closure instead of the [RST, ACK] that earlier versions provided.

But in this thread you are claiming exactly the opposite (RST vs FIN) for a different feature (health check vs actual traffic) so I assume the other issue has nothing to do with your issue.

There is no behavior change within stable 1.5 releases.

The behavior changed in haproxy 1.5-dev14, commit fd29cc537 (“MEDIUM: checks: avoid accumulating TIME_WAITs during checks”). This was also backported to haproxy-1.4 in commit 2f61455, but the 1.4 backport is different than the 1.5 commit and also does not seem to cause so much RST as the original 1.5 commit.

Can you confirm that haproxy 1.4 (1.4.23 or later) doesn’t have this problem?

Also I suggest you don’t force HTTP/1.1, it doesn’t make sense. Just use 1.0 by declaring:option httpchk GET /ping

My understanding is that haproxy release 1.5.4 and above should be sending [FIN,ACK], but my testing and traces show that I’m getting [RST,ACK]. I want to see the [FIN,ACK]. I’m looking for some feedback on how to get haproxy to send the [FIN,ACK] or why I’m seeing [RST,ACK].

Some checks which do not induce a close from the server accumulate
local TIME_WAIT sockets because they’re cleanly shut down. Typically
TCP probes cause this. This is very problematic when there are many
servers, when the checks are fast or when local source ports are rare.

So now we’ll disable lingering on the socket instead of sending a
shutdown. Before doing this we try to drain any possibly pending data.
That way we avoid sending an RST when the server has closed first.

This change means that some servers will see more RSTs, but this isneeded to avoid local source port starvation.

Seeings RST is expected behavior, although haproxy tries to drain the socket before closing it and therefor minimize RST use.